Uridzu Ransomware

Posted: December 30, 2017

Threat Metric

Ranking: 6,857
Threat Level: 8/10
Infected PCs: 1,110
First Seen: February 20, 2023
Last Seen: October 6, 2023
OS(es) Affected: Windows


The Uridzu Ransomware is a file-locking Trojan that may be a variant of the Globe Imposter 2.0 Ransomware. The Uridzu Ransomware uses an encryption cipher for blocking various formats of content, including text documents or pictures, and creates Web pages to link the victims to a premium unlocking solution. Most anti-malware programs may remove the Uridzu Ransomware safely and interrupt its file-locking process, but victims may not be able to restore any media without backups.

Ransoming Captured Data under Vague Deadlines

As frequent as it is to see different versions of the Globe Ransomware family in the wild, malware researchers also see just as many, if not more, Trojans that borrow its visual symptoms while not using the same enciphering mechanisms. This difference is essential for any PC users trying to undo the damage from an infection, which can require highly specific decryptors. Running a Globe Ransomware-based decryption program for the Uridzu Ransomware, for example, is unlikely to do more than corrupt your files permanently.

China, the Middle East, and Eastern Europe are all previous focal points of activity related to this family's campaigns. Malware researchers have yet to determine which regions the Uridzu Ransomware is targeting, although its notes use English for maximal compatibility with many different areas of the world. The Uridzu Ransomware includes a data-enciphering feature that can block a range of non-essential files on your PC without a user interface, with additional, superficial effects including tags or extensions inserted into their names.

The Uridzu Ransomware also mimics the ransoming messages of the Globe Ransomware family, a characteristic shared with similar Trojans like the ONI Ransomware, the Panda Ransomware, and the ABC Ransomware. Dropped Web pages deliver instructions to the victims about paying a threat actor for a decryption key, which the Uridzu Ransomware uploads to them automatically. Unlike most file-locker Trojans, the Uridzu Ransomware doesn't give an explicit time limit, although its admins do threaten to erase the key eventually. Its ransom cost is also vague, possibly as a bargaining tactic.

Delivering Freedom to Media at a Bargain Price

Trojans using the Globe Imposter 2.0 Ransomware's cryptography methods aren't decryptable with the free solutions that malware experts can confirm as compatible with old versions of the Globe Imposter Ransomware. For recent file-locking threats like the Uridzu Ransomware, users may only have a limited set of options for recovering any content, including loading a backup or risking paying the cybercrook for a missing or corrupt decryption code. The files more likely than usual to be under attack from the Uridzu Ransomware include text documents, audio, images, archives, and work from Microsoft's Office products.

Threat actors are using spam e-mails as a choice installation method for most file-locking Trojans, although the nature of the spam may vary from misnamed executables to real documents with embedded exploits. Most anti-malware programs can detect either version if the user lets them scan the relevant file. Because it locks the user's content without any symptoms at first, leveraging anti-malware protection to preemptively delete the Uridzu Ransomware may be your only chance of stopping it from attacking your files.

Obeying the demands of cybercrooks, regardless of the pressure, encourages future attacks of the same type. Considering the cost of backup and security software is always better than paying the price afterward for ignoring it.